Vulnerability Development mailing list archives

Re: IE 5 'feature'?


From: MindSuck <mindsuck () USA NET>
Date: Thu, 28 Sep 2000 21:01:33 -0300

This 'feature' to my knowledge has been around for a long time, Microsoft
just uses it for when you install/reinstall/update IE. They just use it to
keep a more updated user database and not bother you a lot... so after you
register it will go back to your old homepage.

----- Original Message -----
From: "Doe, John" <LeaveMeHigh () AOL COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, September 25, 2000 1:14 PM
Subject: IE 5 'feature'?


Hi, hope this is in sync with the purpose of the list,

    I recently used windowsupdate(.microsoft.com) to update (Win98 SE) to
IE 5 sp1.  I noticed (after the mandatory reboot), that the next time I
opened IE it wanted to 'register' itself by opening a URL:



http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=5.0&O1=internal&plcid=1103

This URL was in the registry, in:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

And was *apparently* added by %WINDIR%\system\homepage.inf:

[!StartHomePage]
; WARNING - Don't add anything else to this section
;   IEAK may nuke it if user requests no welcome page
HKCU,"Software\Microsoft\Internet Explorer\Main","First Home Page",,%FirstHomePage%
...
[Strings]
PROGRAMF="Program Files"

FirstHomePage="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=5.0&O1=internal&plcid=1103"
Browser_suite="Internet Explorer"
SHORTCUT_UPDATE="Update Product"

Long story short, I don't see why IE would have to check back with
Microsoft.  The URL does redirect to some MSN and Hotmail promo page, so
it may just be ads.

The more interesting part is that the registry key is deleted after the
page is loaded for the first time.  So you can set the key (recreate it
if you have to) to some site and IE will go there without questioning and
clean up itself afterward.

This is a lot different than the "Start Page" key value, which is the
initial page set in the options.  "First Home Page" will override that
setting the first time.

Of course, if you have access to the registry, you already can do whatever
you want...

-lmh
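
An added example, not part of either post and not Microsoft's code: an audit of INF text for registry writes to the "First Home Page" value discussed in the thread, resolving %Token% references from [Strings] and flagging targets whose host is outside an allowlist. The sample INF, the www.example.test host, the %StartPage% token and the function names are assumptions constructed for illustration.

```python
import csv
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the homepage.inf excerpt quoted in the post;
# www.example.test is a placeholder host, not a value from the thread.
SAMPLE_INF = r'''
[!StartHomePage]
; comment lines start with a semicolon and are skipped
HKCU,"Software\Microsoft\Internet Explorer\Main","First Home Page",,%FirstHomePage%
HKCU,"Software\Microsoft\Internet Explorer\Main","Start Page",,%StartPage%
[Strings]
FirstHomePage="http://www.example.test/landing?once=1"
StartPage="http://www.microsoft.com/"
'''

def parse_sections(text):
    """Split INF text into {lowercased section name: [non-comment lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def first_home_page_writes(text, allowed_hosts):
    """Return (url, host, allowed) for each 'First Home Page' registry write."""
    sections = parse_sections(text)
    strings = {}
    for line in sections.pop("strings", []):
        key, _, value = line.partition("=")
        strings[key.strip().lower()] = value.strip().strip('"')
    def expand(value):  # resolve %Token% references from [Strings]
        return re.sub(r"%([^%]+)%",
                      lambda m: strings.get(m.group(1).lower(), m.group(0)), value)
    findings = []
    for lines in sections.values():
        # AddReg line layout: root, subkey, value name, flags, data
        for fields in csv.reader(lines):
            if len(fields) >= 5 and fields[2].strip().lower() == "first home page":
                url = expand(fields[4].strip())
                host = (urlsplit(url).hostname or "").lower()
                findings.append((url, host, host in allowed_hosts))
    return findings
```

Entries returned with allowed set to False are the ones to review; the "Start Page" write in the sample is ignored because only the one-shot value is being audited.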

